Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #37026 > unrolled thread

Uniquely identifying each & every html template

Back to article view | Back to comp.lang.python

Contents

  Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-18 12:48 -0800
    Re: Uniquely identifying each & every html template John Gordon <gordon@panix.com> - 2013-01-18 20:59 +0000
      Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-18 14:12 -0800
    Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-18 17:09 -0500
      Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-19 00:39 -0800
        Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-19 04:00 -0500
          Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-20 23:08 -0800
            Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-21 18:20 +1100
              Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 01:19 -0800
                Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-21 20:31 +1100
                  Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 04:06 -0800
                    Re: Uniquely identifying each & every html template Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-21 12:39 +0000
                      Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-21 04:55 -0800
                        Re: Uniquely identifying each & every html template rusi <rustompmody@gmail.com> - 2013-01-21 19:24 -0800
                          Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-22 15:39 +1100
                      Re: Uniquely identifying each & every html template Tom P <werotizy@freent.dd> - 2013-01-22 00:01 +0100
                        Re: Uniquely identifying each & every html template Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-21 23:43 +0000
                        Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-22 11:04 +1100
                          Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-22 17:36 -0800
                    Re: Uniquely identifying each & every html template Joel Goldstick <joel.goldstick@gmail.com> - 2013-01-21 07:47 -0500
                      Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:00 -0800
                        Re: Uniquely identifying each & every html template Michael Torrie <torriem@gmail.com> - 2013-01-22 16:55 -0700
                          Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 01:12 -0800
                            Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-23 01:37 -0800
                              Re: Uniquely identifying each & every html template Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-01-23 09:49 +0000
                              Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 02:29 -0800
                                Re: Uniquely identifying each & every html template Joel Goldstick <joel.goldstick@gmail.com> - 2013-01-23 07:03 -0500
                                  Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 04:26 -0800
                                  Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 04:26 -0800
                                Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-23 06:25 -0800
                                Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-23 07:38 -0500
                                Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-24 10:25 +1100
                                Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-23 19:09 -0500
                                Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-24 11:39 +1100
                                Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-23 19:53 -0500
                            Re: Uniquely identifying each & every html template Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-01-23 16:01 -0500
                          Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 01:12 -0800
                      Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:00 -0800
                    Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-21 17:26 -0500
                  Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 04:06 -0800
                    Re: Uniquely identifying each & every html template Tim Roberts <timr@probo.com> - 2013-01-21 19:57 -0800
                Re: Uniquely identifying each & every html template Tim Roberts <timr@probo.com> - 2013-01-21 20:04 -0800
                  Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 22:49 -0800
                    Re: Uniquely identifying each & every html template Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-01-22 16:08 -0500
                      Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 01:15 -0800
                      Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 01:15 -0800
              Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 01:19 -0800
                Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-21 04:56 -0800
                  Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:03 -0800
                    Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-21 15:35 -0800
                Re: Uniquely identifying each & every html template Piet van Oostrum <piet@vanoostrum.org> - 2013-01-21 21:48 +0100
                  Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 22:38 -0800
              Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:07 -0800
                Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-21 15:36 -0800
                Re: Uniquely identifying each & every html template rusi <rustompmody@gmail.com> - 2013-01-21 20:18 -0800
              Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:07 -0800
          Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-20 23:08 -0800
        Re: Uniquely identifying each & every html template Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-01-19 16:32 -0500
          Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-20 22:52 -0800
          Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-20 22:52 -0800
        Re: Uniquely identifying each & every html template John Gordon <gordon@panix.com> - 2013-01-22 16:35 +0000
      Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-19 00:39 -0800

Page 2 of 4 — ← Prev page 1 [2] 3 4  Next page →

#37199

Τη Δευτέρα, 21 Ιανουαρίου 2013 2:47:54 μ.μ. UTC+2, ο χρήστης Joel Goldstick έγραψε:
> This is trolling Ferrous.  you are a troll.  Go away

Just because you cannot answer my question that doesn't make me a troll you know.

[toc] | [prev] | [next] | [standalone]

#37363

On 01/21/2013 08:00 AM, Ferrous Cranus wrote:
> Τη Δευτέρα, 21 Ιανουαρίου 2013 2:47:54 μ.μ. UTC+2, ο χρήστης Joel
> Goldstick έγραψε:
>> This is trolling Ferrous.  you are a troll.  Go away
> 
> Just because you cannot answer my question that doesn't make me a
> troll you know.

It becomes trolling when you refuse to even try to understand the
answers you are given.  And you refuse to take the advise of many
knowledgeable people who have a lot more experience in web application
development than you do (I'm not including myself in this category).
You refuse to use a database in a way that it was designed to be used.
If you're unwilling to identify a file based on name, path, and
contents, then you're only solution is to use a database to associate a
particular file with an id.  When you move or rename the file you have
to update the database.  That's the only answer we can give you.  Asking
the same question over and over again on different threads is not going
to change this. This is the third thread you've started on essentially
the same question. And you're getting the same advice on each thread.
There's a reason for this!

It's apparent that you don't have a lot of background in computer
programming or algorithms.  That's okay.  No one will fault you for
this.  But if you're going to reject the solutions posed by those with
such background, then it behooves you to gain a bit of knowledge in
these areas and learn why these suggestions are going made.

I in no way intend anything I have said to be condescending.  It's just
that those who are honestly trying to help you are getting frustrated.
And possibly you will interpret this frustration as hostility or
elitism, which it really is not.

[toc] | [prev] | [next] | [standalone]

#37426

Τη Τετάρτη, 23 Ιανουαρίου 2013 1:55:07 π.μ. UTC+2, ο χρήστης Michael Torrie έγραψε:

> You refuse to use a database in a way that it was designed to be used.
> 
> If you're unwilling to identify a file based on name, path, and
> 
> contents, then you're only solution is to use a database to associate a
> 
> particular file with an id.  When you move or rename the file you have
> 
> to update the database.  That's the only answer we can give you. 
 


table counters:   pin ---- page ----- hosts

table visitors:   pin ---- host ---- hits ---- useros ---- browser ---- date

1. Who is going to create the 'pin' ? the database automatically when i'am inserting a new record from python?
2. How's the 'pin' going to be associated with 'page' ?
3. if 'page' renames/moves then i have to manually edit the counter database table to find the specific 'page' record and upadate it by hand?


> I in no way intend anything I have said to be condescending.  It's just
> 
> that those who are honestly trying to help you are getting frustrated.
> 
> And possibly you will interpret this frustration as hostility or
> 
> elitism, which it really is not.

They are getting frustrated because they do not want to follow the logic i'am imposing.

[toc] | [prev] | [next] | [standalone]

#37433

On Jan 23, 7:12 pm, Ferrous Cranus <nikos.gr...@gmail.com> wrote:
> They are getting frustrated because they do not want to follow the logic i'am imposing.

No, it's because you're an obvious troll and you're wasting everyone's
time.

Now be a good lad and sod off.

[toc] | [prev] | [next] | [standalone]

#37435

On 23/01/2013 09:37, alex23 wrote:
> On Jan 23, 7:12 pm, Ferrous Cranus <nikos.gr...@gmail.com> wrote:
>> They are getting frustrated because they do not want to follow the logic i'am imposing.
>
> No, it's because you're an obvious troll and you're wasting everyone's
> time.
>
> Now be a good lad and sod off.
>

What an appalling lack of manners, it's sod off please :)

-- 
Cheers.

Mark Lawrence

[toc] | [prev] | [next] | [standalone]

#37441

Τη Τετάρτη, 23 Ιανουαρίου 2013 11:37:29 π.μ. UTC+2, ο χρήστης alex23 έγραψε:
> On Jan 23, 7:12 pm, Ferrous Cranus <nikos.gr...@gmail.com> wrote:
> 
> > They are getting frustrated because they do not want to follow the logic i'am imposing.
> 
> 
> 
> No, it's because you're an obvious troll and you're wasting everyone's
> 
> time.
> 
> 
> 
> Now be a good lad and sod off.

1. I'am a troll because i want to generate a solution in a specific way?
2. Am' i not wasting my time trying to reply to everybody?

[toc] | [prev] | [next] | [standalone]

#37454

[Multipart message — attachments visible in raw view] — view raw

On Wed, Jan 23, 2013 at 5:29 AM, Ferrous Cranus <nikos.gr33k@gmail.com>wrote:

> Τη Τετάρτη, 23 Ιανουαρίου 2013 11:37:29 π.μ. UTC+2, ο χρήστης alex23
> έγραψε:
> > On Jan 23, 7:12 pm, Ferrous Cranus <nikos.gr...@gmail.com> wrote:
> >
> > > They are getting frustrated because they do not want to follow the
> logic i'am imposing.
> >
> >
> >
> > No, it's because you're an obvious troll and you're wasting everyone's
> >
> > time.
> >
> >
> >
> > Now be a good lad and sod off.
>
> 1. I'am a troll because i want to generate a solution in a specific way?
> 2. Am' i not wasting my time trying to reply to everybody?
>

This is so weird.   Your time is not wasted, because your time is not
valuable.  You aren't even a person.  You are a fiction.  If you were real,
someone would beat you to death, and you would stop annoying people.   I
don't understand the troll thing.  Its really anti social.

I like the web, but this is so strange

> --
> http://mail.python.org/mailman/listinfo/python-list
>



-- 
Joel Goldstick
http://joelgoldstick.com

[toc] | [prev] | [next] | [standalone]

#37457

Τη Τετάρτη, 23 Ιανουαρίου 2013 2:03:51 μ.μ. UTC+2, ο χρήστης Joel Goldstick έγραψε:
> On Wed, Jan 23, 2013 at 5:29 AM, Ferrous Cranus <nikos...@gmail.com> wrote:
> 
> Τη Τετάρτη, 23 Ιανουαρίου 2013 11:37:29 π.μ. UTC+2, ο χρήστης alex23 έγραψε:
> 
> 
> > On Jan 23, 7:12 pm, Ferrous Cranus <nikos.gr...@gmail.com> wrote:
> 
> >
> 
> > > They are getting frustrated because they do not want to follow the logic i'am imposing.
> 
> >
> 
> >
> 
> >
> 
> > No, it's because you're an obvious troll and you're wasting everyone's
> 
> >
> 
> > time.
> 
> >
> 
> >
> 
> >
> 
> > Now be a good lad and sod off.
> 
> 
> 
> 1. I'am a troll because i want to generate a solution in a specific way?
> 
> 2. Am' i not wasting my time trying to reply to everybody?
> 
> 
> 
> This is so weird.   Your time is not wasted, because your time is not valuable.  You aren't even a person.  You are a fiction.  If you were real, someone would beat you to death, and you would stop annoying people.   I don't understand the troll thing.  Its really anti social. 
> 
> 
> 
> I like the web, but this is so strange
> 
> --
> 
> http://mail.python.org/mailman/listinfo/python-list
> 
> 
> 
> 
> -- 
> 
> 
> Joel Goldstick
> http://joelgoldstick.com

Who told you that my time is NOT valuable and yours is?
And yes iam an actual person.

[toc] | [prev] | [next] | [standalone]

#37458

Τη Τετάρτη, 23 Ιανουαρίου 2013 2:03:51 μ.μ. UTC+2, ο χρήστης Joel Goldstick έγραψε:
> On Wed, Jan 23, 2013 at 5:29 AM, Ferrous Cranus <nikos...@gmail.com> wrote:
> 
> Τη Τετάρτη, 23 Ιανουαρίου 2013 11:37:29 π.μ. UTC+2, ο χρήστης alex23 έγραψε:
> 
> 
> > On Jan 23, 7:12 pm, Ferrous Cranus <nikos.gr...@gmail.com> wrote:
> 
> >
> 
> > > They are getting frustrated because they do not want to follow the logic i'am imposing.
> 
> >
> 
> >
> 
> >
> 
> > No, it's because you're an obvious troll and you're wasting everyone's
> 
> >
> 
> > time.
> 
> >
> 
> >
> 
> >
> 
> > Now be a good lad and sod off.
> 
> 
> 
> 1. I'am a troll because i want to generate a solution in a specific way?
> 
> 2. Am' i not wasting my time trying to reply to everybody?
> 
> 
> 
> This is so weird.   Your time is not wasted, because your time is not valuable.  You aren't even a person.  You are a fiction.  If you were real, someone would beat you to death, and you would stop annoying people.   I don't understand the troll thing.  Its really anti social. 
> 
> 
> 
> I like the web, but this is so strange
> 
> --
> 
> http://mail.python.org/mailman/listinfo/python-list
> 
> 
> 
> 
> -- 
> 
> 
> Joel Goldstick
> http://joelgoldstick.com

Who told you that my time is NOT valuable and yours is?
And yes iam an actual person.

[toc] | [prev] | [next] | [standalone]

#37469

On Jan 23, 8:29 pm, Ferrous Cranus <nikos.gr...@gmail.com> wrote:
> 1. I'am a troll because i want to generate a solution in a specific way?

No, it's because you have the name & behaviour of a known type of
troll:

As has been pointed out: http://redwing.hutman.net/~mreed/warriorshtm/ferouscranus.htm

"Ferrous Cranus is utterly impervious to reason, persuasion and new
ideas, and when engaged in battle he will not yield an inch in his
position regardless of its hopelessness. Though his thrusts are
decisively repulsed, his arguments crushed in every detail and his
defenses demolished beyond repair he will remount the same attack
again and again with only the slightest variation in tactics."

Sound familiar?

[toc] | [prev] | [next] | [standalone]

#37493

On 01/23/2013 05:29 AM, Ferrous Cranus wrote:
>>
>> <snip>
>
> 1. I'am a troll because i want to generate a solution in a specific way?
> 2. Am' i not wasting my time trying to reply to everybody?
>

1) your username is obviously a pseudonym, and identified by multiple 
websites as a troll.  Further, your actions conform to the description 
on at least one of those websites.

2) Your replies are mostly of the forms:
     a) but I want a car that gets 300 miles to the gallon
     b) I know you explained that, but would you write all the code for me
     c) I haven't read any of the literature on computer science, so 
please build me a perpetual motion machine.  Never mind there's a better 
way to solve my problem, I don't want to hear it
     d) I'll ignore any message that I don't understand

3) The time that the OP spends ostensibly trying to get help is time 
he's spending for his own benefit.  The time that all the experienced 
people on here are spending has been mostly to try to help the OP. 
That's a big difference.


Your last code sample was in perl, and while I can read it (and have 
worked in it when it was absolutely necessary) I choose not to.  But 
just fixing a hash so it doesn't confuse abc with cba will NOT take away 
the very real probability of collisions.  Those calculations I did for 
you were for the ideal hash.  Most are much worse than that.

And increasing the range of pin from 10000 to 100000 will reduce the 
chances of collision, but not by nearly enough.  It still only takes 
about 150 average samples to get a collision likelihood of over 10%

You think it's an accident that md5 size is roughly equivalent to 39 
decimal digits?  Or that the ones that haven't been proven insecure are 
much larger than that?  The sha512 hash is roughly equivalent to 154 
decimal digits.



-- 
DaveA

[toc] | [prev] | [next] | [standalone]

#37518

On Wed, Jan 23, 2013 at 11:38 PM, Dave Angel <d@davea.name> wrote:
> You think it's an accident that md5 size is roughly equivalent to 39 decimal
> digits?  Or that the ones that haven't been proven insecure are much larger
> than that?  The sha512 hash is roughly equivalent to 154 decimal digits.

Proving a hash function secure or not is orthogonal to its length. You
could have a cryptographically secure hash function that produces a
single byte; you'd get collisions pretty often, but that's understood.
Conversely, you could have an insecure hash that produces a value
several orders of magnitude longer than SHA512. Look at this:

def big_long_hash(val):
    return sum(bytes(str(val),"utf-8"))*12345678901234567890

But longer hashes do reduce the chance of collisions, by the
fundamental rules of mathematics.

ChrisA

[toc] | [prev] | [next] | [standalone]

#37522

On 01/23/2013 06:25 PM, Chris Angelico wrote:
> On Wed, Jan 23, 2013 at 11:38 PM, Dave Angel <d@davea.name> wrote:
>> You think it's an accident that md5 size is roughly equivalent to 39 decimal
>> digits?  Or that the ones that haven't been proven insecure are much larger
>> than that?  The sha512 hash is roughly equivalent to 154 decimal digits.
>
> Proving a hash function secure or not is orthogonal to its length. You
> could have a cryptographically secure hash function that produces a
> single byte; you'd get collisions pretty often, but that's understood.
> Conversely, you could have an insecure hash that produces a value
> several orders of magnitude longer than SHA512. Look at this:
>
> def big_long_hash(val):
>      return sum(bytes(str(val),"utf-8"))*12345678901234567890
>
> But longer hashes do reduce the chance of collisions, by the
> fundamental rules of mathematics.
>

I certainly can't disagree that it's easy to produce a very long hash 
that isn't at all secure.  But I would disagree that longer hashes 
*automatically* reduce chances of collision.

Anyway, about cryptographically ...

OK, I'd like to learn here.  I thought that "cryptographically secure" 
meant that it was infeasible to take a given message and make an 
innocuous change to it (such as adding a trailer of whatever size) and 
from that produce a predetermined hash value.

Obviously "infeasible" will change over time.  But if my definition is 
even close, then wouldn't it be a necessary (not sufficient) condition 
that the hash be at least some certain size.  It is that size I was 
trying to impress on the OP.

Wikipedia - http://en.wikipedia.org/wiki/Cryptographic_hash_function

seems to say that there are four requirements.
it is easy to compute the hash value for any given message
it is infeasible to generate a message that has a given hash
it is infeasible to modify a message without changing the hash
it is infeasible to find two different messages with the same hash


Seems to me a small hash wouldn't be able to meet the last 3 conditions.




-- 
DaveA

[toc] | [prev] | [next] | [standalone]

#37523

On Thu, Jan 24, 2013 at 11:09 AM, Dave Angel <d@davea.name> wrote:
> I certainly can't disagree that it's easy to produce a very long hash that
> isn't at all secure.  But I would disagree that longer hashes
> *automatically* reduce chances of collision.

Sure. But by and large, longer hashes give you a better chance at
avoiding collisions.

Caveat: I am not a cryptography expert. My statements are based on my
own flawed understanding of what's going on. I use the stuff but I
don't invent it.

> Wikipedia - http://en.wikipedia.org/wiki/Cryptographic_hash_function
>
> seems to say that there are four requirements.
> it is easy to compute the hash value for any given message
> it is infeasible to generate a message that has a given hash
> it is infeasible to modify a message without changing the hash
> it is infeasible to find two different messages with the same hash
>
> Seems to me a small hash wouldn't be able to meet the last 3 conditions.

True, but the definition of "small" is tricky. Of course the one-byte
hash I proposed isn't going to be difficult to break, since you can
just brute-force a bunch of message changes until you find one that
has the right hash.

But it's more about the cascade effect - that any given message has
equal probability of having any of the possible hashes. Make a random
change, get another random hash. So for a perfect one-byte hash, you
have exactly one chance in 256 of getting any particular hash.

By comparison, a simple/naive hash that just XORs together all the
byte values fails these checks. Even if you take the message 64 bytes
at a time (thus producing a 512-bit hash), you'll still be insecure,
because it's easy to predict what hash you'll get after making a
particular change.

This property of the hash doesn't change as worldwide computing power
improves. A hashing function might go from being "military-grade
security" to being "home-grade security" to being "two-foot fence
around your property", while still being impossible to predict without
brute-forcing. But when an algorithm is found that generates
collisions faster than the hash size indicates, it effectively reduces
the hash size to the collision rate - MD5 is 128-bit, but (if I
understand the Wikipedia note correctly) a known attack cuts that to
20.96 bits of "real hash size". So MD5 is still better than a perfect
16-bit hash, but not as good as a perfect 32-bit hash. (And on today's
hardware, that's not good enough.)

http://en.wikipedia.org/wiki/Collision_resistant

ChrisA

[toc] | [prev] | [next] | [standalone]

#37527

On 01/23/2013 07:39 PM, Chris Angelico wrote:
> On Thu, Jan 24, 2013 at 11:09 AM, Dave Angel <d@davea.name> wrote:
>> I certainly can't disagree that it's easy to produce a very long hash that
>> isn't at all secure.  But I would disagree that longer hashes
>> *automatically* reduce chances of collision.
>
> Sure. But by and large, longer hashes give you a better chance at
> avoiding collisions.
>
> Caveat: I am not a cryptography expert. My statements are based on my
> own flawed understanding of what's going on. I use the stuff but I
> don't invent it.
>
>> Wikipedia - http://en.wikipedia.org/wiki/Cryptographic_hash_function
>>
>> seems to say that there are four requirements.
>> it is easy to compute the hash value for any given message
>> it is infeasible to generate a message that has a given hash
>> it is infeasible to modify a message without changing the hash
>> it is infeasible to find two different messages with the same hash
>>
>> Seems to me a small hash wouldn't be able to meet the last 3 conditions.
>
> True, but the definition of "small" is tricky. Of course the one-byte
> hash I proposed isn't going to be difficult to break, since you can
> just brute-force a bunch of message changes until you find one that
> has the right hash.
>
> But it's more about the cascade effect - that any given message has
> equal probability of having any of the possible hashes. Make a random
> change, get another random hash. So for a perfect one-byte hash, you
> have exactly one chance in 256 of getting any particular hash.
>
> By comparison, a simple/naive hash that just XORs together all the
> byte values fails these checks. Even if you take the message 64 bytes
> at a time (thus producing a 512-bit hash), you'll still be insecure,
> because it's easy to predict what hash you'll get after making a
> particular change.
>
> This property of the hash doesn't change as worldwide computing power
> improves. A hashing function might go from being "military-grade
> security" to being "home-grade security" to being "two-foot fence
> around your property", while still being impossible to predict without
> brute-forcing. But when an algorithm is found that generates
> collisions faster than the hash size indicates, it effectively reduces
> the hash size to the collision rate - MD5 is 128-bit, but (if I
> understand the Wikipedia note correctly) a known attack cuts that to
> 20.96 bits of "real hash size". So MD5 is still better than a perfect
> 16-bit hash, but not as good as a perfect 32-bit hash. (And on today's
> hardware, that's not good enough.)
>
> http://en.wikipedia.org/wiki/Collision_resistant
>
> ChrisA
>

Thanks.  I've read a lot about encryption and data compression (two 
overlapping fields), and done some amateurish work (first time was 1975) 
that was just to keep something secret, not to be especially secure.  I 
find the field fascinating, but have never needed to do anything 
particularly secure for a real product.


-- 
DaveA

[toc] | [prev] | [next] | [standalone]

#37502

On Wed, 23 Jan 2013 01:12:31 -0800 (PST), Ferrous Cranus
<nikos.gr33k@gmail.com> declaimed the following in
gmane.comp.python.general:

	I shouldn't succumb to the continuation of these threads as they are
going past farcical to ludicrous.

> 
> table counters:   pin ---- page ----- hosts
> 
> table visitors:   pin ---- host ---- hits ---- useros ---- browser ---- date
> 
> 1. Who is going to create the 'pin' ? the database automatically when i'am inserting a new record from python?

	YES -- It's called a "primary key" and most all databases have the
ability to create one via an auto-incrementing field (that is, a new
number is generated whenever a new record is inserted that DOES NOT
SUPPLY the key field)

> 2. How's the 'pin' going to be associated with 'page' ?

	The primary key is used as a foreign key reference in the other
table

> 3. if 'page' renames/moves then i have to manually edit the counter database table to find the specific 'page' record and upadate it by hand?
> 

	Well, you have that situation with ANY system in which you do not
have control over move/rename operation.
-- 
	Wulfraed                 Dennis Lee Bieber         AF6VN
        wlfraed@ix.netcom.com    HTTP://wlfraed.home.netcom.com/

[toc] | [prev] | [next] | [standalone]

#37427

Τη Τετάρτη, 23 Ιανουαρίου 2013 1:55:07 π.μ. UTC+2, ο χρήστης Michael Torrie έγραψε:

> You refuse to use a database in a way that it was designed to be used.
> 
> If you're unwilling to identify a file based on name, path, and
> 
> contents, then you're only solution is to use a database to associate a
> 
> particular file with an id.  When you move or rename the file you have
> 
> to update the database.  That's the only answer we can give you. 
 


table counters:   pin ---- page ----- hosts

table visitors:   pin ---- host ---- hits ---- useros ---- browser ---- date

1. Who is going to create the 'pin' ? the database automatically when i'am inserting a new record from python?
2. How's the 'pin' going to be associated with 'page' ?
3. if 'page' renames/moves then i have to manually edit the counter database table to find the specific 'page' record and upadate it by hand?


> I in no way intend anything I have said to be condescending.  It's just
> 
> that those who are honestly trying to help you are getting frustrated.
> 
> And possibly you will interpret this frustration as hostility or
> 
> elitism, which it really is not.

They are getting frustrated because they do not want to follow the logic i'am imposing.

[toc] | [prev] | [next] | [standalone]

#37200

Τη Δευτέρα, 21 Ιανουαρίου 2013 2:47:54 μ.μ. UTC+2, ο χρήστης Joel Goldstick έγραψε:
> This is trolling Ferrous.  you are a troll.  Go away

Just because you cannot answer my question that doesn't make me a troll you know.

[toc] | [prev] | [next] | [standalone]

#37228

On 01/21/2013 07:06 AM, Ferrous Cranus wrote:
>
>>  <snip>
>>
>>
>> Seriously, you're asking for something that's beyond the power of
>>
>> humans or computers. You want to identify that something's the same
>>
>> file, without tracking the change or having any identifiable tag.
>>
>> That's a fundamentally impossible task.
>
> No, it is difficult but not impossible.
> It just cannot be done by tagging the file by:
>
> 1. filename
> 2. filepath
> 3. hash (math algorithm producing a string based on the file's contents)
>
> We need another way to identify the file WITHOUT using the above attributes.
>

Repeating the same impossible scenario won't solve it.  You need to find 
some other way to recognize the file.  If you can't count on either 
name, location, or content, you can't do it.

Try solving the problem by hand.  If you examine the files, and a 
particular one has both changed names and content, how are you going to 
decide that it's the "same" one?   Define "same" in a way that you could 
do it by hand, and you're halfway towards a programming solution.

Maybe it'd be obvious from an analogy.  Suppose you're HR for a company 
with 100 employees, and a strange policy of putting paychecks under the 
wipers of the employees' windshields.  All the employee cars are kept 
totally clean of personal belongings, with no registration or license 
plates.  The lot has no reserved parking places, so every car has a 
random location.

For a while, you just memorize the make/model/color of each car, and 
everything's fine.  But one day several of the employees buy new cars. 
How do you then associate each car with each employee?

I've got it - you require each one to keep a numbered parking sticker, 
and they move the sticker when they get a new car.

Or, you give everyone a marked, reserved parking place.

Or you require each employee to report any car exchanges to you, so you 
can update your records.

If you can solve this one, you can probably solve the other one.  Until 
then, we have no spec.



-- 
DaveA

[toc] | [prev] | [next] | [standalone]

#37183

Τη Δευτέρα, 21 Ιανουαρίου 2013 11:31:24 π.μ. UTC+2, ο χρήστης Chris Angelico έγραψε:
> On Mon, Jan 21, 2013 at 8:19 PM, Ferrous Cranus <nikos.gr33k@gmail.com> wrote:
> 
> > This python script acts upon websites other people use and
> 
> > every html templates has been written by different methods(notepad++, dreamweaver, joomla).
> 
> >
> 
> > Renames and  moves are performed, either by shell access or either by cPanel access by website owners.
> 
> >
> 
> > That being said i have no control on HOW and WHEN users alter their html pages.
> 
> 
> 
> Then I recommend investing in some magic. There's an old-established
> 
> business JW Wells & Co, Family Sorcerers. They've a first-rate
> 
> assortment of magic, and for raising a posthumous shade with effects
> 
> that are comic, or tragic, there's no cheaper house in the trade! If
> 
> anyone anything lacks, he'll find it all ready in stacks, if he'll
> 
> only look in on the resident Djinn, number seventy, Simmery Axe!
> 
> 
> 
> Seriously, you're asking for something that's beyond the power of
> 
> humans or computers. You want to identify that something's the same
> 
> file, without tracking the change or having any identifiable tag.
> 
> That's a fundamentally impossible task.

No, it is difficult but not impossible.
It just cannot be done by tagging the file by:

1. filename
2. filepath
3. hash (math algorithm producing a string based on the file's contents)

We need another way to identify the file WITHOUT using the above attributes.

[toc] | [prev] | [next] | [standalone]

Page 2 of 4 — ← Prev page 1 [2] 3 4  Next page →

Back to top | Article view | comp.lang.python

csiph-web